Card-present transactions (the kind where the florist swipes the customer's credit card) are considered to be the most secure form of credit card transaction, largely because they depend on the possession of an authentication factor. The authentication factor (something only the customer should have) is a "token" in the form of the physical credit card.
The presence of the credit card makes card-present transactions more secure than telephone or web orders (so common in the floral industry) that only require information (primary card number, expiration date and sometimes CVV number). The card also allows the retail florist to check the signature, other ID, etc.
The problem is that physical credit cards make poor tokens. They simply aren't very secure. Nowadays compromised credit cards are relatively easy to acquire through theft, counterfeiting, cloning, etc.
This weakness is the problem that EMV tries to address. EMV is all about introducing a payment card format and card-present payment process that truly is secure. The EMV standard does this by including a special computer chip on the credit card. A traditional credit card might be easy to counterfeit; a chip card is not.
The EMV standard also introduces what is called multi-factor authentication. Multi-factor authentication improves security by requiring different authentication factors. In the case of EMV those factors are something you have (a physical token in the form of the EMV card) and something you know (a secret PIN). Neither works without the other, making the process much more secure.
The EMV process also requires the use of a special EMV terminal. When the customer makes a purchase the florist hands them a new kind of payment terminal. The customer inserts the credit card and is then required to confirm the amount and enter their PIN. It is this terminal that makes the whole thing possible.
EMV is primarily about reducing charges made to counterfeit credit cards. Let's imagine Tom Smith has a traditional Visa and uses it to make an online purchase. That online merchant is hacked, and Tom's Visa number is stolen. A counterfeiter then creates a copy of that card and uses it to make card-present transactions. Although relatively easy now, this kind of fraud becomes much more difficult with EMV technology.
This extra security is good for Tom (the cardholder) because it means he is less likely to see (and have to report) fraudulent activity on his credit card statement. It is also good for banks and credit card companies because they will no longer have to cover the costs of this kind of fraud.
It is important to note that florists don't have to start doing anything differently as of the October deadline. A flower shop can continue to process credit cards exactly as it does now. Existing processes will not stop working or become less secure. The only difference is that, because a more secure option for processing card-present transactions is available, there will also be a shift in liability.
Think back to Tom and the counterfeit Visa. Tom is not liable for fraudulent purchases made using a counterfeit version of his credit card. So who does cover the costs?
Right now, pre-deadline, the florist is not responsible. There are weaknesses in the non-EMV system that the banks and credit card companies currently provide, so they cover any losses, protecting the cardholder and the retail florist.
With EMV the banks and credit card companies are introducing a secure standard, and if a florist chooses not to take advantage of it they will be liable for losses.
Back to Tom Smith and his counterfeit Visa. After the October deadline it could only be used at a flower shop that is not using the EMV standard. Because that florist chose not to protect the cardholder by using the most secure process (EMV), the florist is now responsible for paying Tom back.
It is worth noting that EMV does not protect florists from the kind of large-scale data breaches seen over the past few years. Those situations where criminals break into a system and steal thousands of credit card numbers? EMV does nothing to prevent that kind of attack. EMV does prevent the use of counterfeit cards bearing stolen numbers down the line, but it does not protect against the initial theft. If your system is secure, it is no less secure after the October deadline. If you have never suffered a data breach, you are no more likely to suffer one after the October deadline.
The implications really depend on the nature of the business. If you are a merchant that does a lot of high-value card-present sales you are at risk on each and every one of them if you choose to ignore the EMV process after the deadline. This transaction profile is relatively uncommon in the retail floral industry. A florist might process large card-present payments for event work, but this is not the kind of anonymous high-value sale that some merchants (like those in retail electronics) see every day.
If, however, you are an online retailer, EMV does nothing to protect you. EMV only protects card-present transactions where the cardholder can enter a secure PIN into a special PIN terminal. That never happens in e-commerce, and EMV can never protect those online sales. This is also true of telephone orders: EMV technology does not protect them.
Florists are in an interesting position. In the retail floral industry an average of 70% to 80% of floral sales are done over the phone or through the florist's e-commerce website. EMV technology cannot protect those transactions.
At best, EMV technology can only protect in-person, card-present credit card sales, and these are relatively rare in the floral industry. For the average flower shop, in-person sales are less than 30% of their volume, with roughly 60% of these being paid for with credit cards. That means that EMV technology will protect less than 20% of the sales for the average florist.